A web-based Capture The Flag hacking contest intended for CTF beginners.
XSCORP-CTF-v1 is a CTF designed for beginners. It introduces information security enthusiasts to the term "CTF", which stands for "Capture The Flag". It's a kind of competition/game where you need to get the flag (some text or code) to win/complete the level/game. Getting the flag requires practical skills in the world of hacking/cyber security.
This CTF is web-based. That means you will face web challenges along with other minor challenges to get the flag. Since it is intended for beginners, the difficulty level has been kept easy.
Build and start the application with Docker.
    docker build -t xscorp .
    docker run --rm -p 3000:80 xscorp
You should now be able to reach the application on http://localhost:3000
- Identifying loopholes
- Source code inspection
- Decoding obfuscated code
- Directory bruteforcing
- Relating different situations
- Basic image steganography
Since beginners are quite likely to get stuck in places, I am dropping some spoilers/hints below.
Phase 1: Rabbithole
Phase 2: Find that special directory
Phase 3: Even an innocent looking page might be hiding something in the source.
Phase 4: Ever heard about JavaScript obfuscation and base64? Go learn about them!
Phase 5: Find the door that requires THAT KEY.
Phase 6: Find out how to view the metadata inside an image, especially comments.